3Com Switch 7750 Configuration Guide
268 CHAPTER 30: MSTP CONFIGURATION
<SW7750> system-view
[SW7750] interface ethernet1/0/1
[SW7750-Ethernet1/0/1] stp loop-protection
TC-BPDU Attack
Prevention
Configuration
Configuration prerequisites
MSTP is enabled on the current switch.
Configuration procedure
Configuration example
# Enable the TC-BPDU attack prevention function
<SW7750> system-view
[SW7750] stp tc-protection enable
# Configure the switch to remove MAC addresses for up to 5 times within 10
seconds.
<SW7750> system-view
[SW7750] stp tc-protection threshold 5
Digest Snooping
Configuration
Introduction According to IEEE 802.1s, two interconnected MSTP switches can interwork with
each other through MSTIs in an MST region only when the two switches have the
same MST region-related configuration. Interconnected MSTP switches determine
whether or not they are in the same MST region by checking the configuration IDs
of the BPDUs between them. (A configuration ID contains information such as
region ID and configuration digest.)
As some partners’ switches adopt proprietary spanning tree protocols, they cannot
interwork with other switches in an MST region even if they are configured with
the same MST region-related settings as other switches in the MST region.
This problem can be overcome by implementing the digest snooping feature. If a
port on a Switch 7750 is connected to a partner’s switch that has the same MST
region-related configuration as its own but adopts a proprietary spanning tree
protocol, you can enable digest snooping on the port. Then the Switch 7750
regards the partner’s switch as in the same region; it records the configuration
digests carried in the BPDUs received from the partner’s switch, and put them in
Table 203 Enable the TC-BPDU attack prevention function
Operation Command Description
Enter system view system-view -
Enable the TC-BPDU attack
prevention function
stp tc-protection
enable
Required
The TC-BPDU attack prevention
function is enabled by default.
Configure the times for the
switch to remove MAC address
tables within 10 seconds
stp tc-protection
threshold number
Optional